Error: No connection could be made because the target machine actively refused it

[rizamarhaban]

• [X] I read and understood how to enable logging

Question / Issue

Why I sometimes get this error when try to authorize from the MVC client, not even end up on the login page.

Scenario

• The issue sometime didn't happen however most of the time shows the error.
• This issue never happen/exist if I deploy to Azure or run on local machine.
• I have 3 applications which is the MVC Client, Web API client and IdentityServer3.
• Three of them are on localhost on separate Virtual Directory in IIS.
• This issue exist if I deploy to clients (data center) machine which has Reverse Proxy server for the domain, e.g. http://yyy.some-domain.com.
• If I don't add IssuerUri and PublicOrigin on the IdentityServer configuration, the OpenId configuration disco will show all the "connect" URL as localhost IP address instead of the domain name.
• On the MVC and Web API client, the authority points to identity server at http://localhost/staging/idsrv.
• On the MVC client, I points to http://localhost/staging/webapi.
• All of the 3 applications cannot be access within the local machine using the public domain name. However it works if I use localhost, e.g. http://localhost/staging/idsrv/.well-known/openid-configuration. But cannot use: http://yyy.some-domain.com/staging/idsrv/.well-known/openid-configuration from inside the local machine. Yet, this can be access through public internet and returns the disco config with no issue.
• All redirect URL points to the revers proxy public domain URL.

I have no idea how to solve this issue. I also cannot say because of their data center issue as they host hundreds of apps and none of them has issue. My solution now is to add the,

DelayLoadMetadata = true

on the Web API project as I suspect because of this. Or is there something that I should change before I deploy back to their server.

Relevant parts of the log file

IdentityServer logs shows no error.

[brockallen]

This seems to be a general question about IdentityServer - not a bug report or an issue.

Please use one of the our free or commercial support options

See here for more details.

Thanks!